CNNVD-202601-4140 Information

CNNVD ID

CNNVD-202601-4140

Related CVE

CVE-2026-24515

• CNNVD Published: 2026-01-23

Description (Chinese)

libexpat是libexpat团队的一款使用C语言编写的流式XML解析器。 libexpat 2.7.4之前版本存在代码问题漏洞，该漏洞源于XML_ExternalEntityParserCreate函数未复制未知编码处理程序的用户数据。

Description (English)

Libexpat is a current XML solver for the libexpat team in C language. There is a code problem loophole in the previous version of libextpat 2.7.4, which stems from the fact that the XML ExternalEntityParserCreate function does not copy the user data of the unknown encoding process.

Hazard Level

Critical

Vulnerability Type

代码问题

Affected Vendor

libexpat

Published

2026-01-23

Last Modified

2026-02-24

References

https://github.com/libexpat/libexpat/pull/1131